Google Play rejects app due to WebView SSL Error Handler Issue

Description

Environment
Primetime

Issue/Symptoms
Google Play rejects app due to WebView SSL Error Handler issue when the programmer is submitting an Android app that has Adobe Authentication Native Android SDK implemented into it.

Resolution

This is due to the unsafe implementation of theWebViewClient.onReceivedSslError handler in Android apps. Beginning November 25, 2016, Google Play started blocking publishing of any new apps or updates that contain this vulnerability. Read more here.

The programmer needs to remove implementation of this method from their code:

onReceivedSslError(WebView view, SslErrorHandler handler, SslError error);

If the programmer is referencing to DemoApp and have DemoApp sources in their application, they need to delete the onReceivedSslError from:

MainActivity.java, MvpdLogoutActivity.java, and MvpdLoginActivity.java.

Adobe Authentication Native Android SDK library is compliant with this since the SDK version 1.9.1.

On this page